Mercurial > hg > nginx
comparison src/http/v2/ngx_http_v2_filter_module.c @ 7569:80359395b345
HTTP/2: traffic-based flood detection.
With this patch, all traffic over an HTTP/2 connection is counted in
the h2c->total_bytes field, and payload traffic is counted in
the h2c->payload_bytes field. As long as total traffic is many times
larger than payload traffic, we consider this to be a flood.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Wed, 18 Sep 2019 20:28:12 +0300 |
| parents | 99257b06b0bd |
| children | a7a77549265e |
comparison
equal
deleted
inserted
replaced
| 7568:2e61e4b6bcd9 | 7569:80359395b345 |
|---|---|
| 1875 stream->node->id, frame); | 1875 stream->node->id, frame); |
| 1876 | 1876 |
| 1877 stream->request->header_size += NGX_HTTP_V2_FRAME_HEADER_SIZE | 1877 stream->request->header_size += NGX_HTTP_V2_FRAME_HEADER_SIZE |
| 1878 + frame->length; | 1878 + frame->length; |
| 1879 | 1879 |
| 1880 h2c->payload_bytes += frame->length; | |
| 1881 | |
| 1880 ngx_http_v2_handle_frame(stream, frame); | 1882 ngx_http_v2_handle_frame(stream, frame); |
| 1881 | 1883 |
| 1882 ngx_http_v2_handle_stream(h2c, stream); | 1884 ngx_http_v2_handle_stream(h2c, stream); |
| 1883 | 1885 |
| 1884 return NGX_OK; | 1886 return NGX_OK; |
| 1928 "http2:%ui PUSH_PROMISE frame %p was sent", | 1930 "http2:%ui PUSH_PROMISE frame %p was sent", |
| 1929 stream->node->id, frame); | 1931 stream->node->id, frame); |
| 1930 | 1932 |
| 1931 stream->request->header_size += NGX_HTTP_V2_FRAME_HEADER_SIZE | 1933 stream->request->header_size += NGX_HTTP_V2_FRAME_HEADER_SIZE |
| 1932 + frame->length; | 1934 + frame->length; |
| 1935 | |
| 1936 h2c->payload_bytes += frame->length; | |
| 1933 | 1937 |
| 1934 ngx_http_v2_handle_frame(stream, frame); | 1938 ngx_http_v2_handle_frame(stream, frame); |
| 1935 | 1939 |
| 1936 ngx_http_v2_handle_stream(h2c, stream); | 1940 ngx_http_v2_handle_stream(h2c, stream); |
| 1937 | 1941 |
| 2022 "http2:%ui DATA frame %p was sent", | 2026 "http2:%ui DATA frame %p was sent", |
| 2023 stream->node->id, frame); | 2027 stream->node->id, frame); |
| 2024 | 2028 |
| 2025 stream->request->header_size += NGX_HTTP_V2_FRAME_HEADER_SIZE; | 2029 stream->request->header_size += NGX_HTTP_V2_FRAME_HEADER_SIZE; |
| 2026 | 2030 |
| 2031 h2c->payload_bytes += frame->length; | |
| 2032 | |
| 2027 ngx_http_v2_handle_frame(stream, frame); | 2033 ngx_http_v2_handle_frame(stream, frame); |
| 2028 | 2034 |
| 2029 ngx_http_v2_handle_stream(h2c, stream); | 2035 ngx_http_v2_handle_stream(h2c, stream); |
| 2030 | 2036 |
| 2031 return NGX_OK; | 2037 return NGX_OK; |
| 2034 | 2040 |
| 2035 static ngx_inline void | 2041 static ngx_inline void |
| 2036 ngx_http_v2_handle_frame(ngx_http_v2_stream_t *stream, | 2042 ngx_http_v2_handle_frame(ngx_http_v2_stream_t *stream, |
| 2037 ngx_http_v2_out_frame_t *frame) | 2043 ngx_http_v2_out_frame_t *frame) |
| 2038 { | 2044 { |
| 2039 ngx_http_request_t *r; | 2045 ngx_http_request_t *r; |
| 2046 ngx_http_v2_connection_t *h2c; | |
| 2040 | 2047 |
| 2041 r = stream->request; | 2048 r = stream->request; |
| 2042 | 2049 |
| 2043 r->connection->sent += NGX_HTTP_V2_FRAME_HEADER_SIZE + frame->length; | 2050 r->connection->sent += NGX_HTTP_V2_FRAME_HEADER_SIZE + frame->length; |
| 2051 | |
| 2052 h2c = stream->connection; | |
| 2053 | |
| 2054 h2c->total_bytes += NGX_HTTP_V2_FRAME_HEADER_SIZE + frame->length; | |
| 2044 | 2055 |
| 2045 if (frame->fin) { | 2056 if (frame->fin) { |
| 2046 stream->out_closed = 1; | 2057 stream->out_closed = 1; |
| 2047 } | 2058 } |
| 2048 | 2059 |